1. Field of the Invention
Embodiments of the present invention relate generally to techniques for managing authentication of intermediary apparatus located in the network path between a client device and a server.
2. Description of the Related Art
It is relatively common for a network to comprise one or more intermediary appliances, such as Wide Area Network (WAN) accelerators or virus detection devices, inserted in the path between a client device (e.g., a personal computer) and a server (e.g., an application server or server enabled to provide remote desktop services). To maintain secure coupling between the client and the server, the intermediary appliance is generally pre-configured to be included in the trust domain of the server or has the certificate authority to establish trust with a client such that it may intercept and modify secure communications between the client and the server. In such topologies, clients are generally also burdened with maintaining signed certificates and related certificate management infrastructure in order for them to connect to intermediary appliances and initiate a secure session.
However, selective insertion of authorized intermediary appliances in a secure manner remains challenging. Therefore, there is a need in the art for a method of authenticating such authorized intermediary appliances while also rejecting authentication of, or participation by, unauthorized appliances capable of orchestrating man-in-the-middle (MITM) attacks or other malicious behavior.